Move realm_to_serverid/ldap_uri to ipaldap

The helper functions realm_to_serverid() and realm_to_ldapi_uri() are
useful outside the server installation framework. They are now in
ipapython.ipaldap alongside the other helpers for LDAP handling in FreeIPA.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Christian Heimes 2018-11-29 14:49:43 +01:00 committed by Rob Crittenden
parent dc33be73f8
commit d5d9233b7c
19 changed files with 74 additions and 43 deletions


@ -30,7 +30,7 @@ from ipaserver.install import service, installutils
from ipaserver.install.dsinstance import config_dirname
from ipaserver.install.installutils import is_ipa_configured, ScriptError
from ipalib import api, errors
from ipapython.ipaldap import LDAPClient
from ipapython.ipaldap import LDAPClient, realm_to_serverid
from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
from ipapython.ipautil import run
from ipapython import config
@ -75,7 +75,7 @@ def is_dirsrv_debugging_enabled():
returns True or False
"""
debugging = False
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = realm_to_serverid(api.env.realm)
dselist = [config_dirname(serverid)]
for dse in dselist:
try:


@ -39,12 +39,14 @@ import ldap
import ldap.sasl
import ldap.filter
from ldap.controls import SimplePagedResultsControl, GetEffectiveRightsControl
import ldapurl
import six
# pylint: disable=ipa-forbidden-import
from ipalib import errors, x509, _
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
# pylint: enable=ipa-forbidden-import
from ipaplatform.paths import paths
from ipapython.ipautil import format_netloc, CIDict
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
@ -90,6 +92,18 @@ if six.PY2 and hasattr(ldap, 'LDAPBytesWarning'):
)
def realm_to_serverid(realm_name):
"""Convert Kerberos realm name to 389-DS server id"""
return "-".join(realm_name.split("."))
def realm_to_ldapi_uri(realm_name):
"""Get ldapi:// URI to 389-DS's Unix socket"""
serverid = realm_to_serverid(realm_name)
socketname = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (serverid,)
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
def ldap_initialize(uri, cacertfile=None):
"""Wrapper around ldap.initialize()
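Review bot: realm_to_serverid() uses the realm string verbatim, so the server id (and the socket path realm_to_ldapi_uri() derives from it) is case-sensitive, yet the callers in this commit disagree on who normalizes: DsInstance does `self.realm = realm_name.upper()` before calling it, while IPAUpgrade passes `realm_name` straight through. The docstring should state the contract, e.g. `"""Convert Kerberos realm name to 389-DS server id (realm is used as given, no case normalization; pass the canonical upper-case realm)."""`. realm_to_ldapi_uri() should likewise say that the path comes from paths.SLAPD_INSTANCE_SOCKET_TEMPLATE and is URL-escaped, so the result is only meaningful on the host running that instance. ldap_initialize() is cut at its signature; its body lies outside the hunk.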


@ -40,6 +40,7 @@ from ipaserver.install.replication import wait_for_task
from ipalib import errors, api
from ipalib.util import normalize_zone
from ipapython.dn import DN
from ipapython import ipaldap
from ipapython import ipautil
import ipapython.errors
@ -178,7 +179,7 @@ class ADTRUSTInstance(service.Service):
self.suffix = ipautil.realm_to_suffix(self.realm)
self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % \
installutils.realm_to_serverid(self.realm)
ipaldap.realm_to_serverid(self.realm)
# DN definitions
self.trust_dn = DN(api.env.container_trusts, self.suffix)
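Review bot: The ldapi socket path two lines above is still hand-built as `"%%2fvar%%2frun%%2fslapd-%s.socket"`, hard-coding /var/run, while realm_to_ldapi_uri() — moved into ipaldap by this same commit — derives the path from paths.SLAPD_INSTANCE_SOCKET_TEMPLATE and escapes it with ldapurl; the two can silently diverge on a platform where the template differs. If ldapi_socket is only ever used to form a URI (its uses are not visible here), it could become `self.ldapi_uri = ipaldap.realm_to_ldapi_uri(self.realm)`; otherwise a comment should say why the path is duplicated rather than taken from the template. The enclosing __init__ continues outside the hunk.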


@ -40,6 +40,7 @@ from ipaserver.dns_data_management import (
from ipaserver.install import installutils
from ipaserver.install import service
from ipaserver.install import sysupgrade
from ipapython import ipaldap
from ipapython import ipautil
from ipapython import dnsutil
from ipapython.dnsutil import DNSName
@ -803,7 +804,7 @@ class BindInstance(service.Service):
self.sub_dict = dict(
FQDN=self.fqdn,
SERVER_ID=installutils.realm_to_serverid(self.realm),
SERVER_ID=ipaldap.realm_to_serverid(self.realm),
SUFFIX=self.suffix,
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,


@ -22,6 +22,7 @@ from ipapython.install import typing
from ipapython.install.core import group, knob, extend_knob
from ipaserver.install import cainstance, bindinstance, dsinstance
from ipapython import ipautil, certdb
from ipapython import ipaldap
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
@ -209,7 +210,7 @@ def install_check(standalone, replica_config, options):
if standalone:
dirname = dsinstance.config_dirname(
installutils.realm_to_serverid(realm_name))
ipaldap.realm_to_serverid(realm_name))
cadb = certs.CertDB(realm_name, nssdir=paths.PKI_TOMCAT_ALIAS_DIR,
subject_base=options._subject_base)
dsdb = certs.CertDB(
@ -343,7 +344,7 @@ def install_step_1(standalone, replica_config, options, custodia):
#
ca.setup_lightweight_ca_key_retrieval()
serverid = installutils.realm_to_serverid(realm_name)
serverid = ipaldap.realm_to_serverid(realm_name)
if standalone and replica_config is None:
dirname = dsinstance.config_dirname(serverid)


@ -12,6 +12,7 @@ from ipaplatform.paths import paths
from ipaplatform.constants import constants
from ipaserver.install.service import SimpleServiceInstance
from ipapython import ipautil
from ipapython import ipaldap
from ipapython.certdb import NSSDatabase
from ipaserver.install import installutils
from ipaserver.install import ldapupdate
@ -104,7 +105,7 @@ class CustodiaInstance(SimpleServiceInstance):
@property
def ldap_uri(self):
if self.custodia_peer is None:
return installutils.realm_to_ldapi_uri(self.realm)
return ipaldap.realm_to_ldapi_uri(self.realm)
else:
return "ldap://{}".format(self.custodia_peer)
@ -117,7 +118,7 @@ class CustodiaInstance(SimpleServiceInstance):
IPA_CUSTODIA_KEYS=paths.IPA_CUSTODIA_KEYS,
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
LDAP_URI=installutils.realm_to_ldapi_uri(self.realm),
LDAP_URI=ipaldap.realm_to_ldapi_uri(self.realm),
UID=httpd_info.pw_uid,
GID=httpd_info.pw_gid
)


@ -268,7 +268,7 @@ class DsInstance(service.Service):
idstart, idmax, pkcs12_info, ca_file=None,
setup_pkinit=False):
self.realm = realm_name.upper()
self.serverid = installutils.realm_to_serverid(self.realm)
self.serverid = ipaldap.realm_to_serverid(self.realm)
self.suffix = ipautil.realm_to_suffix(self.realm)
self.fqdn = fqdn
self.dm_password = dm_password
@ -1191,7 +1191,8 @@ class DsInstance(service.Service):
# shutdown the server
self.stop()
dirname = config_dirname(installutils.realm_to_serverid(self.realm))
dirname = config_dirname(
ipaldap.realm_to_serverid(self.realm))
certdb = certs.CertDB(
self.realm,
nssdir=dirname,
@ -1336,7 +1337,7 @@ class DsInstance(service.Service):
def write_certmap_conf(realm, ca_subject):
"""(Re)write certmap.conf with given CA subject DN."""
serverid = installutils.realm_to_serverid(realm)
serverid = ipaldap.realm_to_serverid(realm)
ds_dirname = config_dirname(serverid)
certmap_filename = os.path.join(ds_dirname, "certmap.conf")
shutil.copyfile(


@ -34,6 +34,7 @@ import tempfile
import shutil
import traceback
import textwrap
import warnings
from contextlib import contextmanager
from configparser import ConfigParser as SafeConfigParser
from configparser import NoOptionError
@ -41,16 +42,14 @@ from configparser import NoOptionError
from dns import resolver, rdatatype
from dns.exception import DNSException
import ldap
import ldapurl
import six
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_password
import ipaplatform
from ipapython import ipautil, admintool, version
from ipapython import ipautil, admintool, version, ipaldap
from ipapython.admintool import ScriptError, SERVER_NOT_CONFIGURED # noqa: E402
from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
from ipapython.ipaldap import DIRMAN_DN, LDAPClient
from ipalib.util import validate_hostname
from ipalib import api, errors, x509
from ipapython.dn import DN
@ -338,9 +337,9 @@ def validate_dm_password_ldap(password):
Validate DM password by attempting to connect to LDAP. api.env has to
contain valid ldap_uri.
"""
client = LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
client = ipaldap.LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
try:
client.simple_bind(DIRMAN_DN, password)
client.simple_bind(ipaldap.DIRMAN_DN, password)
except errors.ACIError:
raise ValueError("Invalid Directory Manager password")
else:
@ -1106,14 +1105,23 @@ def check_version():
else:
raise UpgradeMissingVersionError("no data_version stored")
def realm_to_serverid(realm_name):
return "-".join(realm_name.split("."))
warnings.warn(
"Use 'ipapython.ipaldap.realm_to_serverid'",
DeprecationWarning,
stacklevel=2
)
return ipaldap.realm_to_serverid(realm_name)
def realm_to_ldapi_uri(realm_name):
serverid = realm_to_serverid(realm_name)
socketname = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (serverid,)
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
warnings.warn(
"Use 'ipapython.ipaldap.realm_to_ldapi_uri'",
DeprecationWarning,
stacklevel=2
)
return ipaldap.realm_to_ldapi_uri(realm_name)
def check_creds(options, realm_name):
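Review bot: The two deprecated wrappers realm_to_serverid() and realm_to_ldapi_uri() carry no docstring, so the deprecation is visible only at runtime, and DeprecationWarning is filtered out by default outside __main__ and test runners; add `"""Deprecated: use ipapython.ipaldap.realm_to_serverid() instead."""` (and the ldapi_uri counterpart) so readers and API docs see it. The first hunk also drops `from ipapython.ipaldap import DIRMAN_DN, LDAPClient`; validate_dm_password_ldap() is rewritten to the module-qualified form, but any remaining bare use of those names elsewhere in installutils.py (outside these hunks) would now raise NameError, which is worth confirming. check_creds() is cut at its signature; its body lies outside the hunk.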


@ -320,7 +320,7 @@ class Backup(admintool.AdminTool):
logger.info('Stopping IPA services')
run([paths.IPACTL, 'stop'])
instance = installutils.realm_to_serverid(api.env.realm)
instance = ipaldap.realm_to_serverid(api.env.realm)
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
instance):
if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
@ -364,7 +364,7 @@ class Backup(admintool.AdminTool):
NOTE: this adds some things that may not get backed up.
'''
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = ipaldap.realm_to_serverid(api.env.realm)
for dir in [paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid,
paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid,


@ -465,7 +465,7 @@ class Restore(admintool.AdminTool):
'''
Create an ldapi connection and bind to it using autobind as root.
'''
instance_name = installutils.realm_to_serverid(api.env.realm)
instance_name = ipaldap.realm_to_serverid(api.env.realm)
if not services.knownservices.dirsrv.is_running(instance_name):
raise admintool.ScriptError(
@ -879,7 +879,7 @@ class Restore(admintool.AdminTool):
httpinstance.HTTPInstance().stop_tracking_certificates()
try:
dsinstance.DsInstance().stop_tracking_certificates(
installutils.realm_to_serverid(api.env.realm))
ipaldap.realm_to_serverid(api.env.realm))
except (OSError, IOError):
# When IPA is not installed, DS NSS DB does not exist
pass
@ -910,13 +910,13 @@ class Restore(admintool.AdminTool):
api.bootstrap(in_server=True, context='restore', **overrides)
api.finalize()
self.instances = [installutils.realm_to_serverid(api.env.realm)]
self.instances = [ipaldap.realm_to_serverid(api.env.realm)]
self.backends = ['userRoot', 'ipaca']
# no IPA config means we are reinstalling from nothing so
# there is nothing to test the DM password against.
if os.path.exists(paths.IPA_DEFAULT_CONF):
instance_name = installutils.realm_to_serverid(api.env.realm)
instance_name = ipapython.ipaldap.realm_to_serverid(api.env.realm)
if not services.knownservices.dirsrv.is_running(instance_name):
raise admintool.ScriptError(
"directory server instance is not running"
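Review bot: The last hunk calls `ipapython.ipaldap.realm_to_serverid(api.env.realm)` while the three earlier call sites in this file use `ipaldap.realm_to_serverid(...)`; the fully qualified form only resolves if the name `ipapython` is bound in this module and the submodule has already been imported, neither of which the hunks show. Use the same spelling as the other call sites: `instance_name = ipaldap.realm_to_serverid(api.env.realm)`. The enclosing method continues outside the hunk.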


@ -30,6 +30,7 @@ from ipaplatform.paths import paths
from ipapython import admintool
from ipapython.certdb import NSSDatabase, get_ca_nickname
from ipapython.dn import DN
from ipapython import ipaldap
from ipalib import api, errors
from ipaserver.install import certs, dsinstance, installutils, krbinstance
@ -125,7 +126,7 @@ class ServerCertInstall(admintool.AdminTool):
api.Backend.ldap2.disconnect()
def install_dirsrv_cert(self):
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = ipaldap.realm_to_serverid(api.env.realm)
dirname = dsinstance.config_dirname(serverid)
conn = api.Backend.ldap2


@ -263,7 +263,7 @@ class KrbInstance(service.Service):
SUFFIX=self.suffix,
DOMAIN=self.domain,
HOST=self.host,
SERVER_ID=installutils.realm_to_serverid(self.realm),
SERVER_ID=ipaldap.realm_to_serverid(self.realm),
REALM=self.realm,
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
DICT_WORDS=paths.DICT_WORDS,


@ -279,7 +279,7 @@ class LDAPUpdate:
self.realm = api.env.realm
suffix = ipautil.realm_to_suffix(self.realm) if self.realm else None
self.ldapuri = installutils.realm_to_ldapi_uri(self.realm)
self.ldapuri = ipaldap.realm_to_ldapi_uri(self.realm)
if suffix is not None:
assert isinstance(suffix, DN)


@ -21,7 +21,7 @@ import logging
from ipalib.install import certstore
from ipaserver.install import certs, dsinstance
from ipaserver.install.installutils import realm_to_serverid
from ipapython.ipaldap import realm_to_serverid
from ipalib import Registry, errors
from ipalib import Updater
from ipapython import certdb


@ -22,6 +22,7 @@ from ipalib.install import certmonger, sysrestore
from ipapython import ipautil, version
from ipapython.ipautil import (
ipa_generate_password, run, user_input)
from ipapython import ipaldap
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
@ -591,8 +592,7 @@ def install_check(installer):
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
ipautil.format_netloc(host_name))
ldapi_uri = 'ldapi://%2fvar%2frun%2fslapd-{0}.socket\n'.format(
installutils.realm_to_serverid(realm_name))
ldapi_uri = ipaldap.realm_to_ldapi_uri(realm_name)
# [global] section
gopts = [
@ -1166,7 +1166,7 @@ def uninstall(installer):
# Note that this name will be wrong after the first uninstall.
dirname = dsinstance.config_dirname(
installutils.realm_to_serverid(api.env.realm))
ipaldap.realm_to_serverid(api.env.realm))
dirs = [dirname, paths.PKI_TOMCAT_ALIAS_DIR, paths.HTTPD_ALIAS_DIR]
ids = certmonger.check_state(dirs)
if ids:
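Review bot: The first hunk changes the value written for ldapi_uri, not only where the helper lives: the old literal ended in `\n` and hard-coded /var/run, whereas realm_to_ldapi_uri() returns the URL-escaped paths.SLAPD_INSTANCE_SOCKET_TEMPLATE path with no trailing newline. Dropping the newline looks like a fix (presumably the config writer otherwise emitted a stray blank line), but it is a behavior change the commit message should call out, and the path now follows the platform template, which is worth checking against the ipa.conf that existing installs already carry. The same substitution is made in create_ipa_conf() in the replica installer. install_check() begins before and continues after the hunk.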


@ -220,8 +220,7 @@ def create_ipa_conf(fstore, config, ca_enabled, master=None):
else:
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
ipautil.format_netloc(config.host_name))
ldapi_uri = 'ldapi://%2fvar%2frun%2fslapd-{0}.socket\n'.format(
installutils.realm_to_serverid(config.realm_name))
ldapi_uri = ipaldap.realm_to_ldapi_uri(config.realm_name)
# [global] section
gopts = [
@ -802,7 +801,7 @@ def promote_check(installer):
api.bootstrap(in_server=True,
context='installer',
confdir=paths.ETC_IPA,
ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
ldap_uri=ipaldap.realm_to_ldapi_uri(env.realm),
xmlrpc_uri=xmlrpc_uri)
# pylint: enable=no-member
api.finalize()


@ -18,6 +18,7 @@ import tempfile
from contextlib import contextmanager
from augeas import Augeas
import dns.exception
from ipalib import api, x509
from ipalib.install import certmonger, sysrestore
import SSSDConfig
@ -28,6 +29,7 @@ from ipaclient.install.client import sssd_enable_ifp
from ipaplatform import services
from ipaplatform.tasks import tasks
from ipapython import ipautil, version
from ipapython import ipaldap
from ipapython import dnsutil, directivesetter
from ipapython.dn import DN
from ipaplatform.constants import constants
@ -949,7 +951,7 @@ def certificate_renewal_update(ca, ds, http):
"""
template = paths.CERTMONGER_COMMAND_TEMPLATE
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = ipaldap.realm_to_serverid(api.env.realm)
requests = [
{
@ -1367,7 +1369,7 @@ def fix_schema_file_syntax():
logger.info('Syntax already fixed')
return
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = ipaldap.realm_to_serverid(api.env.realm)
ds_dir = dsinstance.config_dirname(serverid)
# 1. 60ipadns.ldif: Add parenthesis to idnsRecord
@ -1444,7 +1446,7 @@ def remove_ds_ra_cert(subject_base):
return
dbdir = dsinstance.config_dirname(
installutils.realm_to_serverid(api.env.realm))
ipaldap.realm_to_serverid(api.env.realm))
dsdb = certs.CertDB(api.env.realm, nssdir=dbdir, subject_base=subject_base)
nickname = 'CN=IPA RA,%s' % subject_base
@ -1810,7 +1812,7 @@ def upgrade_configuration():
fqdn = api.env.host
# Ok, we are an IPA server, do the additional tests
ds_serverid = installutils.realm_to_serverid(api.env.realm)
ds_serverid = ipaldap.realm_to_serverid(api.env.realm)
ds = dsinstance.DsInstance()
# start DS, CA will not start without running DS, and cause error
@ -2098,7 +2100,7 @@ def upgrade_configuration():
SUFFIX=krb.suffix,
DOMAIN=api.env.domain,
HOST=api.env.host,
SERVER_ID=installutils.realm_to_serverid(krb.realm),
SERVER_ID=ipaldap.realm_to_serverid(krb.realm),
REALM=krb.realm,
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
DICT_WORDS=paths.DICT_WORDS,


@ -25,9 +25,11 @@ import ldif
import shutil
import random
import traceback
from ipalib import api
from ipaplatform.paths import paths
from ipaplatform import services
from ipapython import ipaldap
from ipaserver.install import installutils
from ipaserver.install import schemaupdate
@ -88,7 +90,7 @@ class IPAUpgrade(service.Service):
h = "%02x" % rand.randint(0,255)
ext += h
super(IPAUpgrade, self).__init__("dirsrv", realm_name=realm_name)
serverid = installutils.realm_to_serverid(realm_name)
serverid = ipaldap.realm_to_serverid(realm_name)
self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
self.files = files


@ -18,7 +18,7 @@ from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks
from ipaplatform.paths import paths
from ipaserver.install import dsinstance
from ipaserver.install.installutils import realm_to_serverid
from ipapython.ipaldap import realm_to_serverid
class TestUninstallBase(IntegrationTest):